Vacancy expired!
Resp & Qualifications
COMPANY SUMMARY:CareFirst, Inc., and its affiliated companies, generally referred to as CareFirst BlueCross BlueShield (CareFirst), is the Mid-Atlantic region’s largest private sector health insurer, serving the healthcare needs of 3.5 million members in Maryland, the District of Columbia, and portions of northern Virginia. The Company offers a comprehensive portfolio of products and services to individuals and groups, as well as state and federal government sponsored plans. With a market share almost three times that of the closest competitor, the company commands 45 percent penetration across the region. In July 2018, Brian D. Pieninck assumed the role of President and CEO after serving as the company’s COO of Strategic Business Units and IT Division. Under his leadership, the organization completed an extensive review of its operations and clinical programs, resulting in an expansive 3-year strategy to grow and diversify the company’s core business. Along with a 5-year vision to drive the transformation of the healthcare experience across the continuum of its members, partners, and communities, the company has placed a renewed and intentional focus on fostering a mission-based culture, which drives every decision the company makes. The organization employs over 5,600 full-time employees in Maryland, Northern Virginia, the District of Columbia, and West Virginia. CareFirst has earned multiple workplace awards recognizing its leadership in diversity and inclusion, wellness engagement, and creation of a supportive and equitable work environment for all employees.At CareFirst, you are part of an inspired, collaborative team that is building the healthcare experience we want for our families and our future. Every day, we make a meaningful difference in the communities where we live and work.We practice empathy, seek to understand, invest in inclusion, demand equity and nurture belonging every day for our employees and the communities we serve. We rely on the rich diversity of our employees’ experiences and backgrounds to achieve our mission. Every year we host a Week of Equity and Action where we deepen our investment and commitment to diversity, equity, and inclusion. During this week thousands of employees engage in workshops and volunteerism with the goal of bettering themselves and our community.- Women make up around 70% of CareFirst’s employee population, and over 50% identify as BIPOC (Black, Indigenous, and people of color).
- We have 9 resource groups that connect employees over shared identities (LGBTQ, veteran status, race, etc.) and passions (climate change, healthy living, leadership development).
- Employees are encouraged to give back and volunteer in their communities with their civic engagement hours.
- Monitor consoles and telemetry directly from a variety of security toolsets and from the SIEM.
- Thoroughly investigate and document security events.
- Audit and review system reports and security logs for unauthorized access, noncompliant activity, or access misuse.
- Monitor and escalate incoming security requests and events of interest from different external and internal sources.
- Follow standard operating procedures for detecting, classifying, and reporting incidents.
- Develop or improve use cases to increase efficacy, performance, or outcomes for security monitoring.
- Participate in incident response activities as necessary.
- Triage (determine scope, severity, and priority) of events in Security Information and Event Management (SIEM) tool or within other security monitoring tools directly.
- Research vulnerabilities in applications and systems. Provide recommendations for resolution and track remediation activities.
- Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks.
- Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.
- Coordinate with third party providers to ensure appropriate detections are built and deployed.
- Coordinate with Threat Intelligence and Response Operations to enhance time to detection and response.
- Deployment, configuration and management of Endpoint Detection and Response (EDR/XDR) tools, such as CrowdStrike.
- Experience managing Microsoft Defender for Endpoint.
- Experience in a hybrid multi-cloud environment – Azure highly preferred.
- Experienced in the application and usage of threat analysis models/frameworks such as the Cyber Kill Chain, MITRE ATT&CK, etc.
- Advanced knowledge of threat Tactics, Techniques and Procedures (TTPs), especially in cloud environments and including SaaS services like M365.
- Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to effectively communicate.
- Incumbent must have a firm understanding of Information and/or Cyber Security principles. Must be able to adapt quickly to understand rapidly changing threat landscape in order to correctly scope and prioritize security events. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.
- Experience preventing, detecting, analyzing and responding to threats against sensitive information.
- Experience triaging security, network and endpoint forensic analysis, threat hunting and vulnerability escalation.
- Experience with security monitoring and reporting tools and conducting security investigations of incidents and events.
- Critical thinking and analytical skills to develop enhanced workflows and use cases for next generation platforms and cloud technology.
- Experience with analyzing large data sets and log files to find correlations and anomalies.
- Ability to utilize native cloud security tools in Azure to design and implement continuous monitoring solutions.
- Advanced knowledge and use of Splunk.
- Ability to script proficiently in either Python or PowerShell
- Advanced knowledge and use of Linux
- OSINT collection and analysis.
- ID: #44722114
- State: Maryland Owingsmills 21117 Owingsmills USA
- City: Owingsmills
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2022-08-09
- Deadline: 2022-10-07
- Category: Et cetera